
Security vulnerability in Linphone SIP allows attackers to crash devices
Cybersecurity researchers identified a security vulnerability in the Linphone Session Initiation Protocol (SIP) stack. The flaw can be exploited remotely without any action from the victim, crashing the SIP client and causing a denial-of-service (DoS) condition.
The issue was highlighted by Claroty and is tracked as CVE-2021-33056 (CVSS score: 7.5). It concerns a NULL pointer dereference vulnerability in the “belle-sip” component, a C-language library for implementing SIP transport, transaction, and dialog layers. All versions earlier than 4.5.20 are affected by the flaw.
Linphone is a SIP client that supports voice and video calls, end-to-end encrypted messaging, audio conference calls, etc. SIP is a signaling protocol that initiates, maintains, and terminates real-time multimedia communication sessions over the internet.
The vulnerability can be exploited by adding a malicious forward slash to a SIP message header such as Diversion, which crashes any SIP client application that uses the belle-sip library to handle and parse SIP messages.
Claroty pointed out that non-SIP URIs are also accepted as SIP header values, so a generic URI will be treated as a SIP URI. It is also worth noting that this weakness is a zero-click vulnerability: a SIP client can be crashed simply by sending it an INVITE SIP request with a crafted From/To/Diversion header. As a result, any application using belle-sip to parse SIP messages will become unavailable after receiving a malicious SIP “call.”
Patches for the core protocol stack are available, but vendors whose products rely on the affected SIP stack are strongly advised to apply the updates.
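A defensive check that a SIP proxy or monitoring script in front of belle-sip clients could apply, as an added example (not Claroty's or Linphone's code): it flags INVITE requests whose From, To or Diversion header carries a URI that is not a SIP URI. The allowed-scheme list, the function name and the sample messages are assumptions constructed for illustration.

```python
import re

# Headers the article names as carrying the crafted value (compact forms f/t included).
WATCHED = {"from": "From", "f": "From", "to": "To", "t": "To", "diversion": "Diversion"}
# Assumption: this deployment only expects these URI schemes in those headers.
ALLOWED_SCHEMES = {"sip", "sips", "tel"}
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def suspicious_headers(raw_message):
    """Return (header, uri, reason) tuples for an INVITE whose watched headers hold a non-SIP URI."""
    head = raw_message.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)  # unfold continuation lines
    lines = head.split("\r\n")
    if not lines[0].startswith("INVITE "):
        return []
    findings = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        canon = WATCHED.get(name.strip().lower())
        if not sep or canon is None:
            continue
        # name-addr form uses <uri>; a bare addr-spec ends at ';' or whitespace.
        uris = re.findall(r"<([^>]*)>", value) or [
            re.split(r"[;\s]", value.strip(), maxsplit=1)[0]
        ]
        for uri in uris:
            match = SCHEME_RE.match(uri.strip())
            if match is None:
                findings.append((canon, uri, "no URI scheme"))
            elif match.group(1).lower() not in ALLOWED_SCHEMES:
                findings.append((canon, uri, "non-SIP scheme " + match.group(1).lower()))
    return findings


# Constructed sample messages (not captured traffic).
BENIGN = ("INVITE sip:bob@example.invalid SIP/2.0\r\n"
          "From: \"Alice\" <sip:alice@example.invalid>;tag=1\r\n"
          "To: <sip:bob@example.invalid>\r\n"
          "Diversion: <tel:+15550100>;reason=unconditional\r\n\r\n")
GENERIC_URI = ("INVITE sip:bob@example.invalid SIP/2.0\r\n"
               "f: <mailto:alice@example.invalid>;tag=1\r\n"
               "To: <sip:bob@example.invalid>\r\n\r\n")

if __name__ == "__main__":
    for label, msg in (("benign", BENIGN), ("generic-uri", GENERIC_URI)):
        print(label, suspicious_headers(msg))
```

A finding is a reason to drop or log the request at the edge; it does not replace updating belle-sip to 4.5.20 or later.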